Transition Lead with Splunk

SoHo Dragon is looking to hire a Transition Lead with Splunk. Preferred candidates should be located in NJ or Charlotte, NC area, since this role will require 2-3x/month in onsite.

As a Splunk Consultant, Candidate's role will involve evaluating and enhancing existing Splunk deployments for customer to ensure optimal performance, efficiency, and utilization of the Splunk platform. Candidate will be responsible for conducting thorough assessments of Splunk environments, identifying areas of improvement, and implementing strategies to enhance the overall effectiveness of the system.

Requirements:

Expertise in SIEM (Security Identity and Event Management) tools such as Splunk

Transition management of Security Operations Center (SOC) from current set up to the proposed new state (and define its roadmap, transition plan, actionable, responsibilities and project schedule)

Proven experience (8-12 Years) in Splunk administration, optimization, and performance tuning in enterprise-level environments.

Deep understanding of Splunk architecture, configuration, and best practices for data ingestion, indexing, search, and storage.

Strong knowledge of Splunk search processing language (SPL) and experience in optimizing complex search queries.

Familiarity with Splunk data models, pivot, and visualization capabilities.

Good understanding of IT infrastructure components, including networking, systems, applications, and security.

Strong communication and interpersonal skills, with the ability to effectively communicate technical concepts to non-technical stakeholders.

Splunk certifications (e.g., Splunk Certified Architect, Splunk Certified Admin) are a plus.

Responsibilities:

Splunk Environment Assessment: Evaluate existing Splunk deployments to identify areas of improvement, including data ingestion, indexing, search performance, storage utilization, and overall system health. Perform in-depth analysis and gather relevant metrics to assess the efficiency and effectiveness of the Splunk environment.

Performance Optimization: Analyze and optimize the search queries, data models, and indexing strategies to improve search performance and reduce response times. Fine-tune Splunk configurations and parameters to maximize resource utilization and minimize bottlenecks.

Data Onboarding and Integration: Review data sources and data ingestion processes to ensure efficient and accurate data collection. Advise on best practices for onboarding different data types, including logs, events, metrics, and external data sources. Optimize data parsing, normalization, and enrichment techniques.

Dashboard and Report Optimization: Evaluate existing dashboards, reports, and visualizations to enhance their usability, relevance, and performance. Collaborate with stakeholders to understand their reporting requirements and provide recommendations for improved data visualization and user experience.

Capacity Planning and Scalability: Assess current resource utilization and provide recommendations for scaling the Splunk infrastructure to accommodate future data growth. Analyze system capacity and design appropriate scaling strategies, including clustering, load balancing, and high availability configurations.